SUSE-SU-2016:1504-1

Details

This update for php5 fixes the following issues:

Security issues fixed:

CVE-2016-4346: heap overflow in ext/standard/string.c (bsc#977994)
CVE-2016-4342: heap corruption in tar/zip/phar parser (bsc#977991)
CVE-2016-4537, CVE-2016-4538: bcpowmod accepts negative scale causing heap buffer overflow corrupting one definition (bsc#978827)
CVE-2016-4539: Malformed input causes segmentation fault in xml_parse_into_struct() function (bsc#978828)
CVE-2016-4540, CVE-2016-4541: Out-of-bounds memory read in zif_grapheme_stripos when given negative offset (bsc#978829)
CVE-2016-4542, CVE-2016-4543, CVE-2016-4544: Out-of-bounds heap memory read in exif_read_data() caused by malformed input (bsc#978830)
CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert function (bsc#980366)
CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c (bsc#980373)
CVE-2015-8874: Stack consumption vulnerability in GD (bsc#980375)

Affected Packages(53 packages)

apache2-mod_php5

SUSE Linux Enterprise Module for Web and Scripting 12

Fixed in:

5.5.14-59.2

php5

SUSE Linux Enterprise Module for Web and Scripting 12SUSE Linux Enterprise Software Development Kit 12SUSE Linux Enterprise Software Development Kit 12 SP1

Fixed in:

5.5.14-59.2

php5-bcmath

SUSE Linux Enterprise Module for Web and Scripting 12

Fixed in:

5.5.14-59.2

php5-bz2

SUSE Linux Enterprise Module for Web and Scripting 12

Fixed in:

5.5.14-59.2

php5-calendar

SUSE Linux Enterprise Module for Web and Scripting 12